Secure Crypto Phone
PNVX was a series of secure telephone units,
developed by Philips Crypto around 1988. It was intended for
the professional market, such as the Police, the Department of Justice,
the Department of Defence (DoD), Foreign Affairs, etc.
It was Philips Crypto's first attempt to expand their market,
after dealing exclusively with the DoD for many years.
PNVX was also sold by Siemens as the
, and by Mils in Austria.
It is also known as SPENDEX 9600.
The first generation of secure phones was the PNVX-20xx series, which
was introduced around 1991. Depending on the required features, users
had a choice between the PNVX-2015, PNVX-2017 and the PNVX-2019.
The latter two (2017 and 2019) also featured a V.24 data-interface,
allowing secure PC connections (data) in addition to speech.
The image on the right, shows the top-of-the-range PNVX-6317 secure crypto phone.
The images below show some of its characteristics, such as the
crypto and plain buttons.
The PNVX-series allows secure voice communication over standard insecure
telephone lines (PSTN).
Unlike older and less advanced systems that used (analog)
the PNVX employs advanced digital encryption
using Philips proprietary cryptographic algorithms.
The analog voice signal from the microphone is first digitised with a
vocoder (LPC-10) and then enciphered with the built-in crypto unit.
Although approval for the PNVX phones has officially been withdrawn
in 2010 
many of them were still in use by the Dutch Government in 2012.
Deciphering was possible only
if the person at the other end had a compatible crypto phone
(i.e. a phone from the same series), an appropriate TB-100 key card
and the correct PIN.
At the beginning of a secure sessions, both ends had
to synchronise (12 to 24 seconds) and advanced authentication protocols
were used to exchange the keys and authenticate the user's identity.
Each user of the PNVX crypto phone was issued a so-called
TB-100 Personal Key Card. The card had the same size as a standard credit
card, but contained a micro chip with the user's unique personal key,
identity and other information.
Secure communication was only possible if the user's key card was inserted into
a slot at the right of the phone and the matching
Personal Identification Number (PIN) had been entered.
At the beginning of each secure crypto session, the identification of the
person at the other end would appear in the display, so that you could
check wether that person was who he said he was.
The image on the right shows two such key cards.
Some models, like the PNVX 2017, 2018 and the later 63xx series, featured a
V.24 data interface that was available as a 25-pin sub-D connector at the
rear of the unit.
The V.24 interface enabled the phone to send data in addition to speech,
allowing the connection of digital terminal equipment, such as a computer
(via the COM-port), a printer of a fax unit.
Like speech, data was sent at 2400 baud, which was considered the higest
possible speed available on all telephone networks world-wide at the time.
When used between two computers, the PNVX would act as a (secure) modem.
Although the PNVX has the looks of a standard telephone set, its weight
reveils its actual identity. The bottom of the unit is made of die-cast
aluminium and the top half is molded plastic. With the TEMPEST version of
the PNVX, the plastic top has been sprayed on the inside with metal paint
in order to provide some level of shielding.
The image on the right shows the interior of the PNVX after removing the
plastic top half. The unit contains two large PCBs that are mounted together
on a metallized plastic frame.
The top board contains the analog circuitry,
like the line interface, the power supply unit (PSU) and the modem.
It also contains some interfaces and the key card reader (on the right).
At the other side of the frame is the digital board
that contains the 8088 CPU, memory, firmware (EPROMs)
and V.24 interface.
The PNVX contains a number of (digital) processors. The main CPU is on the
bottom board. It is an OKI-built Intel 8088 (M80C88A), complete with RAM, ROM,
EPROM and I/O expanders. An additional 8-bit 8085 processor handles input from the keyboard and output to the LCD display.
On the top board is the LPC-10 vocoder, consisting of a
NEC D78C10 processor, RAM and software in EPROM.
Also on the top board is the
ROCKWELL modem interface.
A small plug-in unit at the centre of the top board is the actual crypto-heart
of the PNVX. Without this daughter card, the PNVX acts just as an ordinary
Different versions of this crypto module were developed for various groups of
users (government, army, police, civil use).
The crypto-unit plugs into the main board by means of four 12-pin connectors
mounted at the four courners.
The image on the right shows the bottom of the unit consisting of two
ASICs - that contain the actual cryptographic algorithm - and a small
controller. The latter is an 8-bit 8051-based One-Time-Programmable (OTP)
micro controller built by Signetics.
At the other side of the board are two Fujutsu MB603206 CPLDs, containing
customised 'glue-logic'. The MB603206 were among the first generation of
programmable hardware chips.
The crypto-unit contains separate hardware for coding and decoding in order
to allow full-duplex communication. The cryptographic algorithms inside the
OQ4436 ASICs were controlled by the OTP microcontroller in the middle.
Depending on the customer, the software inside the controller could be
adapted. For large customers it was even possible to implement
their own algorithm.
Considering the era in which the PNVX was developed (late 1980s),
the design of the crypto module was really state-of-the-art.
The fact that ASICs and the first generation of CPLDs were used, show that
Philips was at the forefront of secure phone development.
The PNVX-20xx series was followed by the PNVX-21xx series (1994) and finally the
PNVX-63xx series in 1995. Several variations of the same principle were developed,
such as a complete Crypto Switch (telephone exchange) and a separate encryptor for
(analog) mobile communication networks (PNVX 2111).
The PNVX-63xx series was developed especially for use by the Dutch government.
The following models are currently known:
- PNVX 2015, Secure Telephone
- PNVX 2017, Secure Telephone (with data interface)
- PNVX 2019, Secure Telephone (with data interface and extra functions)
- PNVX 2118, Secure Telephone
- PNVX 2111, Speech Encryptor
- PNVX 2116, Crypto Switch
- PNVX 4000 series
- PLDX 6142, Line Encryptor
- PNVX 6317, Crypto Telephone (for government use)
- PNVX 6318, Crypto Telephone (for government use)
- PFDX 6335, Fax Encryptor (for government use)
- PPSX 6361, X.25 line encryptor
The name PNVX is the abbreviation of Philips Narrow-band Voice Encryptor.
The letter 'X' is used here for 'Crypto' as with all other Philips Usfa crypto
equipment. The abbreviation PFDX stands for Philips Fax and Data Encryptor.
The internal designators for all secure phone products started with 'UP' followed by
the model number, e.g. UP-2017 for the PNVX-2017 phone.
The prefix 'UP' is most likely the abbreviation of Usfa Phone.
During the First Gulf War in 1991, the Dutch Army operated on Iraqi
territory under supervision of the United Nations (UN) in the
operation Desert Storm.
For secure communication with home,
they used Philips PNVX phones, probably alongside the Spendex 40
The image on the right shows two Dutch soldiers with blue UN barets
checking in a large box with Philips PNVX phones at Schiphol Airport
in Amsterdam, when leaving for Iraq. The label on the box shows PNVX 2017
as the model number, but it is highly unlikely that that model was actually
used by the military.
It is far more likely that in reality the box contained the PNVX 6317 model,
which used a more secure, government approved, encryption algorithm. The
phone was often used by soldiers contact their families at home.
To date, there have been no reports of compromised PNVX phones.
PNVX phones were not only used during the First Gulf War, but also during
later conflicts, such as the Iraq War (2003)  and by Dutch Special Forces
during Operation Enduring Freedom (OEF) in Afganistan (2005-2006) .
According to some reports, the PNVX was also used by the Dutch Army
in Banja Luke (Bosnia Herzegovina) in 2006 .
For the encryption/decryption of voice data, the PNVX used a stream cipher
that uses the well known principle of modulo-2 addition (XOR)
to mix the data and the key stream. The length of the key was 120 bits and the
system allowed more than 1038 different keys to be used.
Once started, the key stream had a cycle length of more than 10,000 years,
meaning that the key stream would not repeat itself within that period.
The key stream was generated by an in-house (Philips) developed algorithm that
was hard-wired inside a custom-made crypto module
with Philips' own OQ443x crypto chips.
It was also possible to implement customized algorithm, adding-in
a bit of security by obscurity.
For key management, the PNVX used a hierarchic matrix system that allowed up
to 2000 users per group. Only users of the same group could communicate with
The actual key (group key and personal key) was stored on a separate key card
(see above) which was used in combination with a PIN that had to be entered on the
For authentication at the beginning of a crypto session, PNVX used
peer entity authentication, which guarantees that the other party is indeed the
one it claims to be.
When sychronising two PNVX phones at the beginning of a crypto session, a randomly
generated information key of 64 bits was used in combination with synchronisation
check series (in-sync checks).
The PNVX was suitable for connection to standard PSTN (analog) telephone lines,
using either pulse dialling (IDK) or dual tone DTMF (TDK) operation. It complied
with the rules and regulation in the Netherlands, which were similar to the
requirements in other countries.
Speech was first digitised using a 10-bit AD convertor and then processed by
an LPC-10 vocoder in order to minimise
the data rate to 2400 bits/s (baud).
LPC-10 was a Linear Predictive Coding standard developed by the United States
Department of Defense for use by NATO. It is also known as
It reduced the audio quality somewhat, but would still be better than 85% DRT.
According to some users, the speech legibility of the PNVX was better
than that of the Motorola STU-III.
Computer data could be transmitted at the same speed (2400 baud) when connected
to the V24 socket at the rear of the unit (PNVX 2017 and PNVX 2019 only).
For a long time, PNVX phones have been approved and used for secure
voice communication up to the level of top secret, confidential and
NATO secret (PNVX-6317/6318), even after the demise
of Philips Crypto in 2003.
As of 1 January 2010, approval has officially been withdrawn by the
, but the PNVX phones remain Controlled Cryptographic Items (CCI) for
the time being. Some units were still actively being used in 2012.
They are currently being phased out.
Philips PNVX phones were rather popular in The Netherlands and at NATO.
In order to have a better coverage on the international market,
they were also sold as a rebadged product by some other manufacturers.
In Germany, the PNVX was sold by Siemens
as the Crypset 100 (shown on the
right). The only difference is its colour and the company name on the
front panel . The Philips designator for the Crypset 100 was
In Austria, the phone was sold by Mils Electronic.
Although the slightly older Spendex 40
crypto phone uses the same LPC-10 speech digitizer, it is not compatible
with the PNVX. The PNVX uses a Philips proprietary encryption algorithm,
whereas the Spendex 40 uses the NSA's highly secret
PNVX phones were still used by the Dutch Army and by NATO after
the Spendex 40 was phased out in 2009.
- Spendex 9600
- Crypset 100 (Siemens)
- Mils Secure Phone (Mils)
Brochures of related products
- Philips Crypto BV, PNVX 2015, PNVX 2017, PNVX 2019 Operating Instructions
- Philips Usfa BV, High Grade Secure Telephone Set, System Descryption
- Philips Usfa BV, PNVX 6318 Crypto and System Installation Guide
- Philips Crypto BV, PNVX 211Y Product Family Brochure
- Philips Crypto BV, PNVX 6318, PFDX 6335 Brochure
- Nationaal Bureau voor Verbindingsbeveiliging (NBV, part of the AIVD),
List of approved crypto products (Dutch)
Retrieved March 2009.
- Wikipedia, LPC-10 Vocoder
- Jane's Military Communications, Siemens Cryptset 100 Telephone
Fiftheenth Edition, 1994-95. page 523.
- Philips Crypto BV, PNVX 2118 leaflet
Also known as SPENDEX 9600. International sales leaflet.
- R. Miedema, Commandovoeringsondersteuning SFIR3 (Dutch)
Intercom 2004-4. p. 65-69.
- Website Boekje Pienter, Uruzgan
- Maurice Rijk on Linkedin
Any links shown in red are currently unavailable.
If you like this website, why not make a donation?|
© Copyright 2009-2013, Paul Reuvers & Marc Simons. Last changed: Saturday, 23 February 2013 - 18:17 CET